Ingénieur-e Sécurité Applicative (AppSec) F/H

About Safran Analytics

Safran Analytics is the "IA Factory" of the Safran Group, dedicated to the valorization and protection of business data (tabular, time series, text). The teams collaborate closely with the Group's engineers and product managers to design, develop, and secure innovative solutions based on Analytics, Machine Learning, and Generative AI.

In this context, you will work in an agile and dynamic environment, within a product SQUAD, collaborating with data scientists, data engineers, developers, architects, and UX designers, under the responsibility of a senior DevSecOps.

Main Missions

• Accompany product teams in integrating application security best practices (AppSec approach) within AI & Data development flows;
• Actively participate in securing applications and services (SaaS, microservices, AI agents) developed and operated in the IA Factory;
• Raise awareness and advise teams on the state-of-the-art in software security, particularly in the AWS cloud context;
• Participate in vulnerability monitoring and management throughout the software lifecycle.

Detailed Responsibilities

Application Security and Compliance

• Conduct and support risk analyses on applications (EBIOS, OWASP, etc.);
• Integrate and supervise code review and vulnerability scanning tools in CI/CD pipelines (SAST, SCA);
• Contribute to writing application security policies and standards aligned with Group and industry frameworks (NIST, ANSSI, OWASP Top 10);
• Manage alerts and vulnerability remediation (bug management, tracking, patch management coordination);
• Participate in internal AppSec awareness campaigns and prepare teams for security audits.

Cloud Security and DevSecOps

• Collaborate closely with DevSecOps to integrate security into AI industrialization workflows (CI/CD, MLOps);
• Support the implementation of security controls in AWS environments (IAM, secrets management, secure infrastructure configuration);
• Ensure the application of security by design and privacy by design principles within AI/Data projects.

Automation, Monitoring, and Incident Response

• Automate the detection, analysis, and management of application security incidents;
• Monitor the attack surface of applications (logs, metrics, alerts), contribute to the bug bounty/pentest simulation program;
• Document and share security best practices and lessons learned with project teams.

Additional Assets

• Security certifications (CEH, GWEB, OSCP, CCSP, etc.)
• Kubernetes knowledge
• AWS or DevSecOps cloud certifications
• Interest in monitoring and processing AI security.

About You

Profile

• Education: Engineer or Master's degree (Bac+5) in cybersecurity, computer science, software development, information systems, or equivalent;
• Experience: 2 to 4 years in application security, or in securing AI/Data/SaaS projects; A first experience in DevSecOps or public cloud (AWS) is appreciated.

Required Skills

• Mastery of secure development concepts (e.g., Secure Coding, OWASP, common software vulnerabilities);
• Experience in vulnerability analysis on web applications, APIs, microservices;
• Proficiency with SAST/SCA tools and their integration into CI/CD chains (ideally GitLab CI/CD);
• Good foundation in AWS environments (IAM, KMS, Secrets Manager, GuardDuty, etc.), and Infrastructure as Code (Terraform);
• Awareness of privacy/personal data management (GDPR, encryption, anonymization).

Behavioral Skills

• Strong appetite for multidisciplinary teamwork, advisory posture;
• Pedagogical skills, initiative, and curiosity about emerging AI risks;
• Rigor, autonomy, reporting skills.

Job Location

• Location: Europe, France, Ile de France, YVELINES (78)
• Address: Rue des jeunes bois 78117 Châteaufort

Candidate Criteria

• Minimum Education Level: BAC+5
• Minimum Experience Level: More than 3 years
• Languages: English (Fluent)